Returns NULL if the wrong passphrase or authenticator information is used.

The passphrase is used to generate a decryption key, which will not be persisted.

If an authenticator was included when the ciphertext was encrypted, the authenticator must be provided at decryption time. If the authenticator value provided at decryption time does not match the authenticator value encrypted with the data, the decryption will fail.